Hive JDBC Kerberos连接错误 [英] Hive JDBC Kerberos Connectivity error
本文介绍了Hive JDBC Kerberos连接错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试通过JDBC连接到Hive-Server2.服务器已启用kerberos.
I am trying to connect to Hive-Server2 via JDBC.Server is kerberos enabled.
我正在使用以下代码,正在运行存在keytab文件的边缘节点的代码
I am using the following code,I am running the code of an edge node where keytab file is present
我想念什么?
import org.apache.hadoop.security.UserGroupInformation;
public class HiveJdbcClient {
private static String driverName = "org.apache.hive.jdbc.HiveDriver";
public static void main(String[] args)
throws SQLException, IOException, ClassNotFoundException {
org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
conf.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(conf);
int ch = 1;
String USER = (ch == 0) ? "hive/_HOST@HADOOP_DEV9.xyz.COM"
: "abcd@HADOOP_DEV9.xyz.COM";
String PASSWORD = (ch == 0) ? "/etc/security/keytabs/hive.service.keytab"
: "/u/users/abcd/.abcd.keytab";
System.out.println("User = " + USER + "Keytab =" + PASSWORD);
File f = new File(PASSWORD);
if (f.exists()) {
System.out.println("File exists");
} else {
System.out.println("File not exists");
}
UserGroupInformation.loginUserFromKeytab(USER, PASSWORD);
String ConnectionURL = "jdbc:hive2://tstr400382.xyz.com:2181,tstr400383.xyz.com:2181,tstr400384.xyz.com:2181,tstr400386.xyz.com:2181,tstr400387.xyz.com:2181/;"
+ "serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2"
+ ";principal=hive/_HOST@HADOOP_DEV9.xyz.COM;transportMode=http;httpPath=cliservice";
System.out.println("below connection url");
Class.forName(driverName);
Connection con = DriverManager.getConnection(ConnectionURL);
Statement stmt = con.createStatement();
String sql = "show databases;";
System.out.println("Running: " + sql);
ResultSet res = stmt.executeQuery(sql);
if (res.next()) {
System.out.println(res.getString(1));
}
}
}
我遇到以下错误
Exception in thread "main" java.io.IOException: Login failure for abcd@HADOOP_DEV9.xyz.COM from keytab /u/users/abcd/.abcd.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1098)
at hadoop.test.HiveJdbcClient.main(HiveJdbcClient.java:42)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1089)
我能够做到
kinit -kt /u/users/abcd/.abcd.keytab abcd@HADOOP_DEV9.xyz.COM
密钥表上的Klist
Klist on keytab
Keytab name: FILE:.abcd.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 abcd@HADOOP_DEV9.xyz.COM
1 abcd@HADOOP_DEV9.xyz.COM
我长期坚持使用它,请帮忙.
I am stuck on it from a long time,please help.
I used this for learning and I followed it
推荐答案
用于服务主体"hive"和 user主体的Kerberos领域名称可能有所不同"abcd",如下所述:
There could be a difference in the Kerberos realm names used for the service principal "hive" and user principal "abcd" as mentioned below:
hive/_HOST@<KDC_REALM_1>
abcd@<KDC_REALM_2>
请与您的集群管理员确认,并进行必要的更改.
Please verify with your cluster administrator and make the necessary changes if there is a difference.
这篇关于Hive JDBC Kerberos连接错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
